Thu, 18 Dec 2008 Microsoft fixes IE bug
Microsoft's patch is for users of IE version 5 and up
Security experts say that Web surfers should immediately install a new bug-fix for Microsoft's Internet Explorer browser, released yesterday.
The flaw, which was accidentally made public by Chinese security researchers just over a week ago, has been used in a growing number of Web-based attacks over the past few days.
Criminals have posted attack code that exploits this flaw on thousands of Web sites so far, according to Rick Howard, intelligence director with VeriSign's iDefense group. VeriSign has now seen six variants of the attack software, all of which attempt to steal Chinese online gaming credentials.
Often the attack is launched through a hidden iFrame component that is surreptitiously put on a Web site. VeriSign has even spotted one such iFrame attack on a legitimate financial institution's Web site, Howard said. "The volume of iFrames deploying this thing is really high."
The flaw lies in the way Internet Explorer's data-binding function works, Microsoft said. When the browser is attacked it will crash, corrupting the computer's memory and allowing the criminal to run unauthorized software.
Because Internet Explorer is used by about 70 percent of Web surfers, this attack code will probably show up in widely used malicious software toolkits "very shortly," Howard said.
Other security companies agreed with VeriSign's assessment. "Microsoft's latest IE out-of-band patch release needs to be installed right away," said Shavlik Technologies in a statement. "The number of infected Web sites is growing at an alarming rate - even people visiting legitimate Web sites are getting hacked with this exploit."
The flaw is so serious, in fact, that Microsoft took the unusual step of issuing its security fix weeks ahead of schedule. Typically Microsoft releases security patches just once a month in order to simplify the lives of system administrators. Its next set of updates is due 13 January.
Criminals could also launch their attacks via email, by sending victims maliciously encoded HTML documents, although this type of attack has not been reported.
Microsoft's patch is for users of IE version 5 and up.
Get four free Mac programs worth £82 and 40 free prints from Jessops with Macworld print magazine. On sale now! Click here for more information.
Contact Us
DiggEmail A Friend
Email this article to a friend or colleague:
PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.
Permalink This Article
This articles permalink is:
http://www.macworld.co.uk/business/news/index.cfm?newsid=24034
<<prev article | back to news index | next article>>
Do you share your creations online? % of Macworld readers agree with you What do you create and how do you share it? Follow the conversation at @TabletChat paintings & illustrations, mostly, which i upload to flickr.RT @fragmentedm I draw manga/anime characters. I also do graphic design and photography.RT @spialelo Yes. I usually put them up on my #deviantart account for feedback on how to improve.RT @spialeloQuestion of the day!
Latest News
- Apple intros Aperture 3, adds over 200 new features
- VIP iPhone app drops from millionaire priced £279.99 to under a tenner
- Play.com: Google Nexus One now available for pre-order
- Amazon's Kindle gets ready to battle Apple's iPad
- Apple Store is down, new Macs imminent?
- Canon intros EOS 550D 18-megapixel DSLR camera
- WSJ: Apple could slash iPad prices if sales disappoint
- Apple offers 'find out how' tutorials as podcasts
- Adobe says sorry for 16-month-old Flash bug
- Getty launches subscription stock image service, Thinkstock
- RouteBuddy intros RouteBuddy Atlas 1.3 for iPhone, iPod touch
- AppFund seeks Apple iPad developers, offers funding up to $500,000
iPhone 3G S Video Review
Related News
- Sharp, Samsung settle all outstanding LCD patent cases
- Nokia targeted in US class action suit, announces job cuts
- Vodafone looks to Apple iPhone, smartphones for increased revenue
- O2 celebrates 2 million Apple iPhone customers in the UK
- Apple iPad likely to come with mobile ads
- Sony returns to profit, cuts full-year loss forecast
- AOL posts modest profit but revenues decline
- Planned UK T-Mobile and Orange merger hit by OFT probe
- Analyst: Apple iPad could generate 57 million tablet sales a year
- Adobe, CU team-up, place value in legitimate creative software with new anti-piracy campaign
Mac Broadband?
Search news
Search Google
Newsletter signup
It's easy and free to get the latest news headlines, reviews and opinions straight to your email inbox. Sign up NOW to make sure you receive the latest Mac news, reviews and tutorials on your favourite topics.
Register now
Stay on top of the latest, breaking Mac news and chat with other Mac professionals and enthusiasts about the issues that matter to you. Register with Macworld today to join our forums and receive our twice-weekly email newsletter, Macworld Mainline.
RSS
Have the latest content delivered to your desktop via RSS. Use the links below to get access to a specific blog, news, or reviews feed.
MACWORLD MARKETPLACE
 |
Computer & Laptop |
 |
Are you a new customer? Are you doubtful? |
 |
Circus Ponies NoteBook - the easy way to get organized on the Mac |
 |
Beat the Credit Crunch - Lease your Mac from Hardsoft. |
 |
50% off ebooks |
Click here for the latest reader comments